Email disclaimer laws for the United States – Part One

Many advanced markets have regulations in place that require businesses to add disclaimers to their emails whether they want to or not. Some of these are sector-specific, like some of the following examples that apply to the United States.

Federal Information Security Management Act (FISMA)

The Federal Information Security Management Act (FISMA) places the onus squarely on agencies to ensure the security of data within the different branches of the US government (federal, state and local).

The Act defines a comprehensive framework to protect government information, operations and assets against natural or man-made threats. Every government agency is required to conduct annual reviews of information security programs, with the intent of keeping risks at or below specified acceptable levels in a cost-effective, timely and efficient manner. As part of FISMA compliance, agencies and departments must implement ways to track the contents of all outgoing emails.

The need for an Archiver
Email is a prime medium for the exchange and storage of company records. Storage on the mail server does not protect against falsification, nor does it protect against accidental loss or malicious removal. A purpose-built email archive system will ensure that relevant data can be maintained for the desired retention period and will maintain the integrity of the records through tamper-proof mechanisms. Furthermore, the system will provide easy search access to recover data if required by an external auditor.

Federal Rules of Civil Procedure (FRCP)

The Federal Rules of Civil Procedure (FRCP) are regulations that specify procedures for civil legal suits within the United States Federal Court system. A revision to the Rules, which went into effect on December 1, 2006, was established for companies to make provisions for the handling of electronic records and to accommodate electronic discovery, otherwise known as eDiscovery (using electronic data for civil legal actions). An organization must know where its data is, how to retrieve it and how to meet data requests, and it must determine what data will not be subject to search.

The need for an Archiver
Organizations that do not have an automated system in place to help them effectively store, search and retrieve email data in real time face paying high costs for “rush job” eDiscovery requests. In some instances, failure to produce the requested data in a timely fashion may even lead to the loss of a lawsuit.

Freedom of Information Act (FOIA)

The Freedom of Information Act is a federal freedom of information law that allows for the full or partial disclosure of previously unreleased information and documents controlled by the United States government.

The speed and economy of email often make it the preferred means of delivery, which carries the risk that the wrong information might be sent or the wrong recipient addressed. As email has become so prevalent for interdepartmental communications, security of communications has become a serious concern.

The need for an Archiver
Complying with the FOIA, a law guaranteeing individuals access to public records kept by government agencies, means that an efficient archiving system is a must. Email is a public record, just like any other document, so it is vital that a system is in place to control large amounts of email data.

Gramm-Leach-Bliley Act (GLB)

The GLB Act applies to “financial institutions” – businesses that offer financial products or services to individuals to be used primarily for personal, family, or household purposes. Financial institutions like banks, securities firms and insurance companies are covered by the SEC (Securities and Exchange Commission). Businesses that provide many other types of financial products and services to consumers fall under the jurisdiction of the FTC (Federal Trade Commission) for the purposes of enforcing GLB.

Violation of the Act may result in a civil action brought by the U.S. Attorney General. The penalties include up to $100,000 for each violation. In addition, “the officers and directors of the financial institution shall be subject to, and shall be personally liable for, a civil penalty of not more than $10,000 for each such violation”. Criminal penalties may include up to 5 years in prison. The Act has been cited by many as the cause of the 2007 subprime mortgage financial crisis, which triggered the recession of 2008.

The need for an Archiver
Today, the vast majority of organizations use email to communicate internally and as a vehicle for the exchange of documents and correspondence between businesses and consumers. Since personal financial information can be transmitted by and retained in electronic formats, it is critical to ensure that the management of such records complies with GLB.

Check back tomorrow to see what other disclaimer laws are in place in the United States.